README: update handling of security vulnerabilities #10734
Conversation
We may not want to suggest to contact CoreOS now. We could remove this section but consiering the nature of the subject, discussion with the project maintainers probably a good idea if someone doesn't find it comfortable to report an issue right away.
|
@xiang90 @hexfusion hello, I think this is safe to merge. Please look at it when you get a chance. Thanks! |
|
we probably should create a mailing list for handling security issues instead of asking users to reach out to maintainers individually. |
|
@xiang90 sure, mailing list sounds a good idea. Do you have suggestion on creating it? I guess you or @hexfusion need to create it? Thanks! |
|
@xiang90 once we have ML, we can use it at multiple place like here as well https://github.com/etcd-io/maintainers (by replacing the last line on email to maintainers) We have more reason to create ML :) Thanks! |
|
lgtm |
|
@spzala Can you research on how to get a etcd security mailing list from CNCF? |
|
@xiang90 thanks and sure, I will reach out to CNCF and find it out, and hopefully will have it created soon. |
|
@xiang90 I was thinking to create an issue for tracking purpose and contact @idvoretskyi from CNCF side but I while doing that I found that it's already a work in progress etcd-io/maintainers#6 I will follow up with Ihor. Thanks! |
|
Created #10960 |
We may not want to suggest to contact CoreOS now. We could remove this
section but consiering the nature of the subject, discussion with the project
maintainers probably a good idea if someone doesn't find it comfortable
to report an issue right away.